Unauthorized Access in Apache Solr Due to Input Validation Flaw
CVE-2026-22022
8.2 HIGH
What is CVE-2026-22022?
Apache Solr versions 5.3.0 to 9.10.0 are at risk of unauthorized access because of insufficient input validation in the Rule Based Authorization Plugin. The issue arises when a deployment uses multiple roles and predefined permission rules but does not specify the 'all' permission. It becomes exploitable if, in addition, the network setup allows unmonitored client requests to reach Solr. Organizations are advised to review their configurations and upgrade to an unaffected version, such as 9.10.1.
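A configuration review for the conditions named above can be scripted. The following is an added example, not code from this advisory or from the Solr project: it assumes the usual security.json layout ("authorization" with "class", "permissions" and "user-role"), the function name and both sample configs are constructed for illustration, and the list of predefined permission names is a subset. The network condition cannot be read from this file and has to be checked separately.

```python
import json

# Subset of Solr's predefined permission names (assumption: extend as needed).
PREDEFINED = {"security-edit", "security-read", "schema-edit", "schema-read",
              "config-edit", "config-read", "core-admin-edit", "core-admin-read",
              "collection-admin-edit", "collection-admin-read", "update", "read"}

def _as_list(value):
    """A role may be given as a single string or as a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_security_json(text):
    """Report whether a security.json matches the advisory's preconditions."""
    authz = json.loads(text).get("authorization") or {}
    perms = authz.get("permissions") or []
    # Substring match also covers the plugin's differently prefixed variants.
    uses_plugin = "RuleBasedAuthorizationPlugin" in authz.get("class", "")
    roles = set()
    for assigned in (authz.get("user-role") or {}).values():
        roles.update(_as_list(assigned))
    for perm in perms:
        # "*" means "any role", so it is not counted as a distinct role.
        roles.update(r for r in _as_list(perm.get("role")) if r != "*")
    names = [p.get("name") for p in perms]
    predefined = sorted(n for n in names if n in PREDEFINED)
    has_all = "all" in names
    return {
        "roles": sorted(roles),
        "predefined_rules": predefined,
        "has_all": has_all,
        "matches": uses_plugin and len(roles) > 1
                   and bool(predefined) and not has_all,
    }

# Constructed sample configs (not taken from the advisory).
EXPOSED = """{"authorization": {"class": "solr.RuleBasedAuthorizationPlugin",
  "permissions": [{"name": "security-edit", "role": "admin"},
                  {"name": "read", "role": ["admin", "reader"]}],
  "user-role": {"alice": "admin", "bob": "reader"}}}"""
REVIEWED = EXPOSED.replace('"permissions": [',
                           '"permissions": [{"name": "all", "role": "admin"},')

if __name__ == "__main__":
    for label, cfg in (("exposed", EXPOSED), ("reviewed", REVIEWED)):
        print(label, check_security_json(cfg))
```

A result with "matches" set to True means the file meets the configuration conditions described here and the deployment should be reviewed and upgraded; it does not by itself confirm exposure.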
Affected Version(s)
Apache Solr 5.3 <= 9.10.0
CVSS V3.1
Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
monkeontheroof